Spencer Dawkins
Yes

Comment (2017-09-08 for -00-00)

If only "Yes, but ..." was a position I could select ...
I'm really glad to see this going forward - enough to ballot "Yes".
This looks like a framework that could be used in a number of use cases, and my "Yes, but ..." is that it's not clear to me, how much analysis of ID/Loc separation security implications that some folks downstream are going to have to do, when using this framework.
I'm remembering an exchange with a document editor on the last telechat that could be summarized as "we didn't do the work on general security implications of X, so each usage of X has to do that work itself, rather than pointing to previous work". OK, if that's where we are, but IDEAS hasn't already done the same thing (yet).
I'm looking at deliverables like "Requirements for identity authentication and authorization service (for GRIDS)" and "Threat model document", so I know there's SOMEthing in there, but I don't know what else might be required, if someone wanted to think about the general security implications of GRIDS, and I note that those deliverables are listed as living drafts or wiki entries, which doesn't sound like anything GRIDS framework usages would be able to point to, when they need to look at security implications.
Is a look at general security implications, in a form that specific framework usages can point to, on the table for IDEAS?
(It doesn't have to be, for me to ballot Yes, but I did have to ask, right?)